CVE-2026-34059PATCHED

apache software foundation · apache http server

Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data()

Description

Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Affected Products

Vendor	Product	Versions
apache software foundation	apache http server	0

References

https://httpd.apache.org/security/vulnerabilities_24.html(vendor-advisory)

Related News (2 articles)

Tier C

oss-security3h ago

CVE-2026-34059: Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data()

→ No new info (linked only)

Tier C

VulDB5h ago

CVE-2026-34059 | Apache HTTP Server up to 2.4.66 buffer over-read

→ No new info (linked only)

CVSS 3.17.5 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA KEV❌ No

Actively exploited❌ No

Patch available

https://httpd.apache.org/security/vulnerabilities_24.html

CWECWE-126

PublishedMay 4, 2026

Last enriched4h agov2

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

MEDIUMCVE-2026-34032EXP

Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string)

Trending: 64

NONECVE-2026-24072EXP

Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr

Trending: 51

NONECVE-2026-33006EXP

Apache HTTP Server: mod_auth_digest timing attack

Trending: 51

HIGHCVE-2026-29169

Apache HTTP Server: mod_dav_lock indirect lock crash

Trending: 48

MEDIUMCVE-2026-33857

Apache HTTP Server: Off-by-one OOB reads in AJP getter functions

Trending: 44

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

May 4, 2026

Discovered by ZDM

May 4, 2026

Updated: severity, tags

May 4, 2026

Patch Available

May 4, 2026

Version History

Last enriched 4h ago

v2Tier C4h ago

Updated severity to CRITICAL, marked exploit availability as false, and added CVE-2026-34059 as a new tag.

severitytags

via VulDB

v16h ago

Initial creation